tag:blogger.com,1999:blog-1029833275466591797.post7459443048263884953..comments2018-05-24T13:11:18.314-04:00Comments on Cisco's Talos Intelligence Group Blog: Gmail Worm Requiring You To Give It A Push And Apparently You All Are Really HelpfulNick Biasinihttp://www.blogger.com/profile/11420644688145888259noreply@blogger.comBlogger4125tag:blogger.com,1999:blog-1029833275466591797.post-88012973299796264672017-05-04T14:35:36.994-04:002017-05-04T14:35:36.994-04:00Also worth noting that anybody could access the ma...Also worth noting that anybody could access the mailinator account, allowing them to see which email addresses globally had fallen victim to the &quot;attack&quot;. It provided a nice list of users that you shouldn&#39;t hire in at security practice. :)Dean Grellhttps://www.blogger.com/profile/12294508414216357407noreply@blogger.comtag:blogger.com,1999:blog-1029833275466591797.post-71568763699679485122017-05-04T09:17:02.698-04:002017-05-04T09:17:02.698-04:00I advise users to avoid clicking on links in email...I advise users to avoid clicking on links in emails, even for legitimate messages. Instead, close the email message, open their web browser, and visit the account from their own bookmarks. If it is a legitimate message from their bank, dropbox, Amazon, etc. it will be waiting for them once they log in. Getting a login screen from a link or attachment in an email should always be a cause for alarm.Keithhttps://www.blogger.com/profile/03607876304070718061noreply@blogger.comtag:blogger.com,1999:blog-1029833275466591797.post-81592682297635388422017-05-03T22:02:03.180-04:002017-05-03T22:02:03.180-04:00Nice so at that point you were just theorizing or ...Nice so at that point you were just theorizing or had you seen a poc or something in the wild? Craig Williamshttps://www.blogger.com/profile/01254058066304774724noreply@blogger.comtag:blogger.com,1999:blog-1029833275466591797.post-12651503237794697792017-05-03T21:57:57.291-04:002017-05-03T21:57:57.291-04:00I wrote about this months ago: http://www.redblue....I wrote about this months ago: http://www.redblue.team/2017/02/abusing-google-app-scripting-through.htmlGreg Carsonhttps://www.blogger.com/profile/11624004577263582254noreply@blogger.com